Jingyi Wang,Jun Sun,Shengchao Qin,Cyrille Jegourel

DOI: https://doi.org/10.1109/tse.2018.2886898

IF: 7.4

2018-01-01

IEEE Transactions on Software Engineering

Abstract:Precisely modeling complex systems like cyber-physical systems is challenging, which often renders model-based system verification techniques like model checking infeasible. To overcome this challenge, we propose a method called LAR to automatically ‘verify’ such complex systems through a combination of learning, abstraction and refinement from a set of system log traces. We assume that log traces and sampling frequency are adequate to capture ‘enough’ behaviour of the system. Given a safety property and the concrete system log traces as input, LAR automatically learns and refines system models, and produces two kinds of outputs. One is a counterexample with a bounded probability of being spurious. The other is a probabilistic model based on which the given property is ‘verified’. The model can be viewed as a proof obligation, i.e., the property is verified if the model is correct. It can also be used for subsequent system analysis activities like runtime monitoring or model-based testing. Our method has been implemented as a self-contained software toolkit. The evaluation on multiple benchmark systems as well as a real-world water treatment system shows promising results.

Zhou Conghua,Chen Zhenyu,Ju Shiguang

2008-01-01

Journal of Computer Research and Development

Abstract:For concurrent software systems, linear temporal logic SE-LTL is a specification language with high expressive power and the ability to reason about both states and events. Until now, the SE-LTL model checking algorithm is still explicit, and the state explosion is the primary verification difficulty. A bounded model checking procedure is introduced for SE-LTL which reduces model checking to propositional satisfiability. This new technique avoids the space blow up of BDDs, and sometimes speeds up the verification. For SE-LTL-X the procedure and stuttering equivalent technique is further integrated. The experiment result shows that the integration can reduce the verification time very much.

Eduard Kamburjan,Nathan Wasser

DOI: https://doi.org/10.48550/arXiv.2110.01964

2022-02-11

Abstract:We present a novel and well automatable approach to formal verification of programs with underspecified semantics, i.e., a language semantics that leaves open the order of certain evaluations. First, we reduce this problem to non-determinism of distributed systems, automatically extracting a distributed Active Object model from underspecified, sequential C code. This translation process provides a fully formal semantics for the considered C subset. In the extracted model every non-deterministic choice corresponds to one possible evaluation order. This step also automatically translates specifications in the ANSI/ISO C Specification Language (ACSL) into method contracts and object invariants for Active Objects. We then perform verification on the specified Active Objects model. For this we have implemented a theorem prover Crowbar based on the Behavioral Program Logic (BPL), which verifies the extracted model with respect to the translated specification and ensures the original property of the C code for all possible evaluation orders. By using model extraction, we can use standard tools, without designing a new complex program logic to deal with underspecification. The case study used is highly underspecified and cannot be verified with existing tools for C.

Programming Languages,Logic in Computer Science

Junyan Qian,Baowen Xu,Yingzhou Zhang

2007-01-01

Journal of Computational Information Systems

Abstract:Model checking is an automatic formal verification technique for a finite state system. Iterative abstraction refinement has emerged recently as the leading approach to software model checking. We present a methodology for automatically verifying programs against safety specifications based on finite state machine. As the first step, an initial abstract model is automatically extracted from source code using predicate abstraction and theorem proving. In order to reduce time complexities of this process, we partition the set of candidate predicates into subsets, and then construct abstract model independently.

Dexi Wang,Chao Zhang,Guang Chen,Ming Gu,Jiaguang Sun

2016-01-01

Abstract:The C programming language is widely used in safety-critical software systems. With its large appliance and increasing complexity, the need of ensuring the correctness of C codes emerged. This paper presents Ceagle , a fully automated program verifier for finding assertion violations in C programs. It is decent in both accuracy and efficiency by using a semantically equivalent program model language that is specifically designed for C program, together with various optimizations that make the satisfiability checking faster and memoryfriendly. More specifically, Ceagle uses LLVM clang as front-end parser, an extended labeled transition system as program model, and Z3 SMT solver as the back-end satisfiability checker. Ceagle is designed to be fully automatic and requires no user interaction as long as the assertions are provided. For evaluation, we compare Ceagle with existing C program verifiers based on open benchmarks. Ceagle outperforms others in terms of accuracy, and time and memory consumption.

Lu Chen,Jian Jiao,Jiping Fan,Fuchun Ren

DOI: https://doi.org/10.1109/rams.2016.7447978

2016-01-01

Abstract:Fault propagation identification is an indispensable task in complex system safety analysis. With the growing of system scale and complexity, it is hard for the traditional safety analysis techniques, which depend mainly on analysts' personal skills and experiences, to keep completeness and timeliness; moreover, some failure modes may be neglected and failure effects misjudged during the analysis. Formal science provides a new way to solve this problem, where formal verification method such as model checking can automatically validate whether the system design satisfies the given safety requirements, which can reduce an analysts' repetitive work and design cost, and improve the efficiency and quality of safety analysis. However, there is lack of a deliberate and reasonable way to build system models because of the diversity and flexibility of languages used for model checking, which results in that it is difficult to specify and model system quickly and accurately, and leads to some deviation in model checking. In this paper, a system modeling and safety property specifying approach using symbolic language SMV is proposed, including guidance on the mapping relationships between the formal language elements and system functions, architecture and failure modes; moreover, how to define system specifications and safety requirements using temporal logic formulas is discussed as well. Finally, a case study about airborne system safety analysis is provided, in which the counter-examples that do not meet system specifications can be identified automatically using model checker NuSMV to find out fault events and their propagation that can result in accidents.

Fei He,Yuan Gao,Liangze Yin

DOI: https://doi.org/10.1007/s11704-016-6048-7

IF: 2.6688

2018-01-01

Frontiers of Computer Science

Abstract:Software product line (SPL) engineering is increasingly being adopted in safety-critical systems. It is highly desirable to rigorously show that these systems are designed correctly. However, formal analysis for SPLs is more difficult than for single systems because an SPL may contain a large number of individual systems. In this paper, we propose an efficient model-checking technique for SPLs using induction and a SAT (Boolean satisfiability problem) solver. We show how an induction-based verification method can be adapted to the SPLs, with the help of a SAT solver. To combat the state space explosion problem, a novel technique that exploits the distinguishing characteristics of SPLs, called feature cube enlargement, is proposed to reduce the verification efforts. The incremental SAT mechanism is applied to further improve the efficiency. The correctness of our technique is proved. Experimental results show dramatic improvement of our technique over the existing binary decision diagram (BDD)-based techniques.

Peizun Liu,Guiming Luo,Mo Xia,Maosong He

DOI: https://doi.org/10.1109/IWACI.2011.6160012

2011-01-01

Abstract:Execution environment and temporal performance are very important for modeling a real PLC system. They also become two impediments when verifying with model checking. This paper presents a methodology for modeling a PLC system including time and environment. In order to take into account interaction of PLC controller with execution environment, the proposed method extends the modeling method with an event-driven mechanism. The heterogeneous environments are abstracted as concurrent entities and further formalized into state graphs. A timed abstraction method is proposed to deal with real-time features which specified as timer on delay (TON). We have validated our approach on a concrete case study, a controller for steel plate transfer devices, and report on the results obtained for this case study.

邝宏斌,罗贵明

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.19.009

2008-01-01

Abstract:Parallelism is an effective method in improving the efficiency of model checking. C program model checking based on LTS is studied and a methodology for parallel software model checking is presented. It utilizes modularity of MAGIC, a software model checker, to decompose C program into components, distributes them over computational nodes and parallel call MAGIC to complete the verification. Close to linear speedup and good scalability can be achieved due to little synchronization and inter-nodes communication. The reduction of time expense is beneficial to formal verification of large-scale software.

Kai Yang,Cong Tian,Nan Zhang,Zhenhua Duan,Hongwei Du

DOI: https://doi.org/10.1109/tr.2021.3118877

IF: 5.883

2021-12-01

IEEE Transactions on Reliability

Abstract:In this article, we present an approach based on counterexample-guided abstraction refinement to verifying full regular temporal properties of C programs by means of combining both static analysis and dynamic verification. To this end, a desired property is specified by a propositional projection temporal logic formula $p$, and the labeled normal form graph (LNFG) of $\lnot p$ is automatically produced. Furthermore, the control flow automaton of the C program is constructed, and an enriched abstract reachability tree is generated under the guidance of the LNFG. Throughout the construction of the eART, whenever a candidate counterexample $cp$ is found, a verification input w.r.t $cp$ is generated by the SMT solver Z3. Subsequently, the C program is converted into a modeling, simulation, and verification language (MSVL) program $m$, and $\lnot p$ is also transformed to an MSVL program $m^{\prime }$. As a result, $m\; \text{and} \;m^{\prime }$ is executed to check whether the counterexample is spurious. The $cp$ is returned if it is a real counterexample; otherwise, the eART is refined. This process is repeated until no counterexample is found, namely the property is valid, or the counterexample is a real one The proposed approach enables us to not only verify full regular properties of C programs, but also produce precise results, neither false negatives nor false positives. The approach has been implemented in a tool named SDMC. Experiments show that SDMC outperforms the relevant tools available.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Litian Xiao,Mengyuan Li,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/icinfa.2015.7279376

2015-01-01

Abstract:PLC (Programmable Logic Controller) program in automatic control is vital to this kind of safety-critical applications. In this paper, we present a useful method of compositional model checking for verification of PLC programs. The method is based on the work pattern and the system model of PLC for modelling PLC program. Because the state space explosion problem limits the use of general model checking in real PLC programs, the paper firstly defines the framework and the mechanism of model combination based on the module of PLC program. Then the paper proposes a series of PLC domain specific strategies for compositional model checking between two modules. Through two modules' combination is verified at a time in a PLC program, cyclic stacking combination of the modules can be verified by the recursive operation of compositional checking for the whole program. The strategies can effectively reduce state space by means of hierarchical module model and recursion state transfer. The validity of our method is illustrated by an example.

Van Chan Ngo,Axel Legay

DOI: https://doi.org/10.1002/smr.1890

2017-12-05

Abstract:Transaction-level modeling with SystemC has been very successful in describing the behavior of embedded systems by providing high-level executable models, in which many of them have inherent probabilistic behaviors, e.g., random data and unreliable components. It thus is crucial to have both quantitative and qualitative analysis of the probabilities of system properties. Such analysis can be conducted by constructing a formal model of the system under verification and using Probabilistic Model Checking (PMC). However, this method is infeasible for large systems, due to the state space explosion. In this article, we demonstrate the successful use of Statistical Model Checking (SMC) to carry out such analysis directly from large SystemC models and allow designers to express a wide range of useful properties. The first contribution of this work is a framework to verify properties expressed in Bounded Linear Temporal Logic (BLTL) for SystemC models with both timed and probabilistic characteristics. Second, the framework allows users to expose a rich set of user-code primitives as atomic propositions in BLTL. Moreover, users can define their own fine-grained time resolution rather than the boundary of clock cycles in the SystemC simulation. The third contribution is an implementation of a statistical model checker. It contains an automatic monitor generation for producing execution traces of the model-under-verification (MUV), the mechanism for automatically instrumenting the MUV, and the interaction with statistical model checking algorithms.

Software Engineering

zhibin yang,kai hu,yongwang zhao,dianfu ma,jeanpaul bodeveix

DOI: https://doi.org/10.13328/j.cnki.jos.004776

2015-01-01

Abstract:This paper presents a formal verification method for AADL (architecture analysis and design language) models by TASM (timed abstract state machine) translation. The abstract syntax of the chosen subset of AADL and of TASM are given. The translation rules are defined clearly by the semantic functions expressed in a ML-like language. Furthermore, the translation is implemented in the model transformation tool AADL2TASM, which provides model checking and simulation for AADL models. Finally, a case study of space GNC (guidance, navigation and control) system is provided.

Johan van Benthem,Jan van Eijck,Malvin Gattinger,Kaile Su

DOI: https://doi.org/10.1007/978-3-662-48561-3_30

2017-01-01

Journal of Logic and Computation

Abstract:Dynamic Epistemic Logic (DEL) can model complex information scenarios in a way that appeals to logicians. However, existing DEL implementations are ad-hoc, so we do not know how the framework really performs. For this purpose, we want to hook up with the best available model-checking and SAT techniques in computational logic. We do this by first providing a bridge: a new faithful representation of DEL models as so-called knowledge structures that allow for symbolic model checking. Next, we show that we can now solve well-known benchmark problems in epistemic scenarios much faster than with existing DEL methods. Finally, we show that our method is not just a matter of implementation, but that it raises significant issues about logical representation and update.

David Brandfonbrener,Simon Henniger,Sibi Raja,Tarun Prasad,Chloe Loughridge,Federico Cassano,Sabrina Ruixin Hu,Jianang Yang,William E. Byrd,Robert Zinkov,Nada Amin

2024-05-24

Abstract:Large Language Models (LLMs) can generate useful code, but often the code they generate cannot be trusted to be sound. In this paper, we present VerMCTS, an approach to begin to resolve this issue by generating verified programs in Dafny and Coq. VerMCTS uses a logical verifier in concert with an LLM to guide a modified Monte Carlo Tree Search (MCTS). This approach leverages the verifier to gain intermediate feedback inside the search algorithm by checking partial programs at each step to estimate an upper bound on the value function. To measure the performance of VerMCTS, we develop a new suite of multi-step verified programming problems in Dafny and Coq. In terms of pass@T, a new metric which computes the pass rate given a budget of T tokens sampled from the LLM, VerMCTS leads to more than a 30% absolute increase in average pass@5000 across the suite over repeated sampling from the base language model. Our code and benchmarks are available at

Software Engineering,Artificial Intelligence,Machine Learning,Logic in Computer Science,Programming Languages

litian xiao,mengyuan li,ming gu,jiaguang sun

DOI: https://doi.org/10.1109/icma.2014.6885893

2014-01-01

Abstract:The correctness of PLC (Programmable Logic Controller) program in automatic control is vital to this kind of safety-critical applications. In this paper, we present a useful method of combinational model-checking for correctness of PLC programs. The method is based on the denotational semantics of PLC program and the semantic functions for basic instructions. Because the state space explosion problem limits the use of general model-checking in real PLC programs, the paper firstly defines a set of combinational verification rules based on the denotational semantics. Then the paper proposes a series of general and PLC domain specific strategies for combinational model-checking. The rules and strategies can effectively reduce state space and their correctness is proved. The validity of our method is shown by an example.

Yongwang Zhao,Dianfu Ma,Jing Li,Zhuqing Li

DOI: https://doi.org/10.1109/EASe.2011.13

2011-01-01

Abstract:Increasingly, software needs to dynamically adapt its structure and behavior at runtime in response to changing conditions in the supporting computing, network infrastructure, and in the surrounding physical environments. By high complexity, adaptive programs are generally difficult to specify, verify, and validate. Assurance of high dependability of these programs is a great challenge. Efficiently and precisely specifying requirements and flexible model checking for adaptation are the key issues for developing dependably adaptive software. This paper introduces a formal model for adaptive programs which have different behavioral modes. We consider that adaptive programs have two behavioral level, functional behavior and adaptation. State machine is used to describe functional behavior in different modes and mode automata is proposed for adaptations. Specifications of adaptive programs are classified into three categories, local, adaptation and global properties from their different scope of dynamic adaptation. To specify and verify specifications on our model, We propose the Mode-extended Linear Temporal Logic (mLTL) and its model checking approach. mLTL extends Linear Temporal Logic (LTL) by adding mode related element and enables describing properties on different modes. Our formal model and mLTL formulae are translated to SMV language and verified in NuSMV model checker.

Xiaopu Huang,Qingqing Sun,Jiangwei Li,Tian Zhang

DOI: https://doi.org/10.1007/978-3-642-35795-4_62

2012-01-01

Abstract:State Machine Diagram (SMD) is one of the SysML behavior diagrams, but it is a kind of semi-formal model language. As a consequence, models can not be verified conveniently and efficiently, especially in real-time embedded system (RTES) field as there are no descriptions of time and probability in SMD. To address these problems, we extend SMD with time and probability elements extracted from MARTE and propose a transformation algorithm based on MDE. With the algorithm, we transform the extended SMD to timed automata (TA) and then analyze and verify the transformation result using existing tools. So at the very beginning of system design, errors and deficiencies can be found. At last, we construct an instance to illustrate the validity of our approach.

Min Zhou,Fei He,Ming Gu,Xiaoyu Song

DOI: https://doi.org/10.1109/COMPSAC.2009.80

2009-01-01

Abstract:In this paper, we focus on modeling and verification of PLC systems, which are widespread in industry and manufacture. Our approach is based on a translation procedure from PLC programs to timed automata. The resulting model consists of several kinds of modules. Besides the main module which depicts the behaviors of the PLC programs, a dedicated module is constructed to simulate the cyclical running mode of PLC systems, and another module is involved for specifying the environment behaviors. After all modules are constructed, the model checker Uppaal is adapted to perform the model checking. Experimental results show promising performance of our approach. Compared with existing approaches, our method supports extensive instructions, including not only the time-related instructions, such as timer and counter, but also the subroutine and interruption instructions. In addition, the structure of whole model is more compact, and the translation procedure is more efficient, which results in a reduced verification model.

Jingyi Mei,Ming Xu,Ji Guan,Yuxin Deng,Nengkun Yu

2023-06-30

Abstract:Verifying quantum systems has attracted a lot of interest in the last decades. In this paper, we study the quantitative model-checking of quantum continuous-time Markov chains (quantum CTMCs). The branching-time properties of quantum CTMCs are specified by continuous stochastic logic (CSL), which is famous for verifying real-time systems, including classical CTMCs. The core of checking the CSL formulas lies in tackling multiphase until formulas. We develop an algebraic method using proper projection, matrix exponentiation, and definite integration to symbolically calculate the probability measures of path formulas. Thus the decidability of CSL is established. To be efficient, numerical methods are incorporated to guarantee that the time complexity is polynomial in the encoding size of the input model and linear in the size of the input formula. A running example of Apollonian networks is further provided to demonstrate our method.

Logic in Computer Science